
HybridPetya Ransomware Alarmingly Sneaks Past BIOS Secure Boot To Install Malware


UEFI Secure Boot was designed to block malicious code from sneaking into your PC's BIOS boot-up process. However, a newly discovered ransomware dubbed HybridPetya has found a way to circumvent it. Cybersecurity firm ESET discovered the threat and revealed that it had not been observed in any active attacks just yet.

Here's how it operates. HybridPetya can recognize when a system's hard drive is set up with UEFI. Normally, UEFI Secure Boot would block tampering by confirming the certificates of every piece of software that loads at boot, but this ransomware exploits the CVE-2024-7344 vulnerability to escape the check. After bypassing Secure Boot, it goes straight to the boot partition, where it can change, remove, or insert files. By doing so, it gains control over the system's startup process and then locks and encrypts the rest of the drive's contents.

At this stage, a user can no longer access their ...
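Because the ransomware works by changing, removing, or inserting files on the boot partition, one defensive check is to compare that partition against a known-good baseline of file hashes. The sketch below is an added example, not code from ESET or the original article; the directory tree and file contents are constructed stand-ins for a mounted boot partition, and the function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(esp_root):
    """Map each file's path (relative to esp_root) to its SHA-256 digest."""
    root = Path(esp_root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Classify differences as inserted, removed, or changed files."""
    return {
        "inserted": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo():
    """Run against a constructed directory tree standing in for a mounted ESP."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp)
        boot = esp / "EFI" / "Boot"
        boot.mkdir(parents=True)
        (boot / "bootx64.efi").write_bytes(b"constructed bootloader v1")
        (boot / "grubx64.efi").write_bytes(b"constructed second stage")
        baseline = snapshot(esp)  # taken while the system is known-good

        # Constructed tampering: one file changed, one removed, one inserted.
        (boot / "bootx64.efi").write_bytes(b"constructed bootloader v2")
        (boot / "grubx64.efi").unlink()
        (boot / "extra.bin").write_bytes(b"constructed unexpected file")
        return diff_snapshots(baseline, snapshot(esp))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Legitimate bootloader and OS updates also change these files, so the baseline has to be refreshed after each approved update and stored somewhere the monitored machine cannot overwrite.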


Copyright of this story solely belongs to hothardware.com.